Re: [libvirt] [PATCH 2/2] LXC: rework mounting cgroupfs in container

-----Original Message----- From: Daniel P. Berrange [mailto:berrange@redhat.com] Sent: Friday, April 05, 2013 7:29 PM To: Gao feng Cc: libvir-list(a)redhat.com; Yin Olivia-R63875 Subject: Re: [PATCH 2/2] LXC: rework mounting cgroupfs in container On Fri, Apr 05, 2013 at 10:16:43AM +0800, Gao feng wrote: > On 2013/03/27 13:26, Gao feng wrote: > > On 2013/03/20 16:14, Gao feng wrote: > >> There are 3 reason we need to rework the cgroupfs mounting in > >> container. > >> > >> 1, Yin Olivia reported a "failed to mount cgroup" > >> problem, now we given that the name of cgroup mount point > >> is same with the subsystem type, Or libvirt_lxc > >> will fail to start. > >> > >> 2, The cgroup configuration is leaked to the container, > >> even user can change host's cgroup configuration in > >> container. > >> > >> 3, After we enable userns, the cgroupfs is unable to be > >> mounted in uninit-userns. > >> > >> This patch tries to resolve these 3 problem, uses mount --bind to > >> set cgroupfs for container. > >> > >> It means the directory /sys/fs/cgroup/memory/libvirt/lxc/domain > >> of host will be binded to the directory /sys/fs/cgroup/memory of > >> container. > >> > > > > what's your idea about this patch? > > > > Ping Again The pach has the right idea, but it clashes with the refactoring I've done for cgroups and LXC. I'll update your patch to apply ontop of this series: https://www.redhat.com/archives/libvir-list/2013-April/msg00352.html and copy you on the mail when i post it. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt- manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk- vnc :|